---
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: postgres
    namespace: gitea
    labels:
      app: postgres
  spec:
    selector:
      matchLabels:
        app: postgres # has to match .spec.template.metadata.labels
        tier: postgres
    strategy:
      type: RollingUpdate
      rollingUpdate:
        maxSurge: 1
        maxUnavailable: 0
    template:
      metadata:
        labels:
          app: postgres
          tier: postgres
      spec:
        containers:
        - image: postgres:12
#          command: ["/bin/sh", "-ec", "while :; do echo '.'; sleep 5 ; done"]
#          securityContext:
#            runAsUser: 1000
          name: postgres
#          command: ["chown", "-R", "1000:1000", "/var/lib/postgresql/data"]
          envFrom:
            - configMapRef:
                name: postgres-config
          env:
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: gitea-secrets
                  key: pg_username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: gitea-secrets
                  key: pg_password
          ports:
          - containerPort: 5432
            name: postgres
          volumeMounts:
          - name: postgres-persistent-storage
            mountPath: /var/lib/postgresql/data
            subPath: pgdata
        volumes:
        - name: postgres-persistent-storage
          persistentVolumeClaim:
            claimName: postgres-pvc